Simply Defensive cover art

Simply Defensive

Simply Defensive

By: Simply Cyber Media Group
Listen for free

Summary

 Join us for Simply Defensive, a podcast dedicated to exploring the world of defensive cybersecurity through the lens of real-world experts. In each episode, we'll interview leading professionals from the cybersecurity industry, delving into their experiences, challenges, and innovative solutions. Whether you're a seasoned cybersecurity veteran or just starting to learn about the field, Simply Defensive offers valuable insights and practical advice to help you stay ahead of the curve. Tune in as we discuss the latest threats, emerging technologies, and best practices for protecting your organization from cyberattacks. ========================= Connect with your hosts: Josh Mason: https://www.linkedin.com/in/joshuacmason Wade Wells: https://www.linkedin.com/in/wadingthrulogs ========================= Simply Cyber empowers people who want a rewarding cybersecurity career 💪 ========================= ========================= All the ways to connect with Simply Cyber https://SimplyCyber.io/Socials =========================2025 Simply Cyber Media Group Career Success Economics
Episodes
  • S6:E3 - Tom Dejong - Inside the BHIS SOC: Triage, Curiosity, and Career Growth

    S6:E3 - Tom Dejong - Inside the BHIS SOC: Triage, Curiosity, and Career Growth
    May 4 2026
    Episode Show NotesS6:E3 - Tom Dejong - Inside the BHIS SOC: Triage, Curiosity, and Career GrowthEpisode SummaryIn this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Tom Dejong, Triage Lead at Black Hills Information Security (BHIS). Tom shares his unconventional path into cybersecurity — from a South Dakota apprenticeship scholarship to becoming one of the most detail-oriented analysts in the BHIS SOC. The conversation covers the realities of SOC triage, the importance of detailed documentation, mentoring new analysts, and how AI is reshaping (but not replacing) blue team work.Whether you're an aspiring SOC analyst, a seasoned defender, or someone curious about how to build a career in cyber without a traditional path, Tom's story and practical advice will resonate.What You'll LearnHow the Build Dakota Scholarship led Tom from apprenticeship to a cybersecurity careerWhat it's really like working triage at the BHIS SOCWhy detailed ticket notes are a force multiplier for SOC teamsThe hypothesis-driven approach to alert investigationHow to pivot off IPs, hashes, process names, and file pathsWhy curiosity is the #1 skill for SOC analystsHow AI is being used in modern SOCs (and why it's not taking your job)The challenge of building SOC training and webcastsAdvice for handling mistakes and learning from themEpisode HighlightsTom's Journey Into Cyber From discovering Darknet Diaries and hearing John Strand mention Spearfish, South Dakota — the same town Tom was living in — to landing his first day at Wild West Hacking Fest 2022 as a BHIS intern.The Triage Mindset Tom walks through his approach to investigating alerts: starting with detection logic, checking for prior tickets, and breaking down each piece of evidence in writing to make the logic click.Documentation as a Superpower Why Tom believes detailed notes aren't just nice-to-have — they're essential for the next analyst down the line and for his own thought process.AI in the SOC Tom's honest take on using AI for investigations, polishing client communications, and writing detection logic — plus why he's not worried about it taking his job.Advice for Blue Teamers You're going to make mistakes. Use them as learning experiences. Lean on your teammates. Stay curious.Timestamps00:00 Intro and Welcome01:00 Tom's Role at the BHIS SOC01:30 From Apprenticeship to Cybersecurity: The Build Dakota Story03:00 Discovering BHIS Through Darknet Diaries04:00 Wild West Hacking Fest as Day One04:30 Behind the Scenes of a SOC Webcast06:30 The Art of Alert Triage and Pivoting08:30 Building Conference Talks and Training Content10:30 Where Tom Sees His Career Going11:30 Why Curiosity Is the #1 SOC Skill12:30 Favorite Alert Types to Work14:00 Round Robin vs. Self-Assigned Tickets15:00 Note-Taking and Documentation Best Practices19:00 Building a Hypothesis When an Alert Comes In20:30 AI in the SOC: Hype, Reality, and Use Cases24:00 Will AI Replace SOC Analysts?26:00 Training Resources for New Analysts28:00 Advice for Aspiring Blue Teamers29:30 Closing ThoughtsResources MentionedBlack Hills Information Security: https://www.blackhillsinfosec.com/Antisyphon Training: https://www.antisyphontraining.com/Build Dakota Scholarship: https://www.builddakotascholarships.com/Darknet Diaries Podcast: https://darknetdiaries.com/Wild West Hacking Fest: https://wildwesthackinfest.com/Connect with TomLinkedIn: Tom Dejong at Black Hills Information SecurityBHIS Webcasts & Workshops: Available through Black Hills Information SecurityConnect with Your HostsJosh Mason: https://www.linkedin.com/in/joshuacmason/Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
    Show More Show Less
    31 mins
  • S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity

    S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity
    Mar 17 2026

    John Hammond on Security Research, Storytelling, and Deception for Defenders

    In this Simply Defensive episode, hosts Josh Mason and Wade Wells interview John Hammond, a Huntress security researcher, YouTuber, and educator, about his career path and defensive research. Hammond explains he has never worked as a penetration tester, SOC analyst, or detection engineer, instead “falling into” security research through hands-on Capture the Flag work and building cyber threat emulation course content, earning Offensive Security’s OSCE3 bundle recognition. He discusses why storytelling and communication are critical for translating attacker tradecraft into actionable defenses, emphasizing understanding the attack chain to identify places to break it. He recommends building a public portfolio of write-ups and notes, and says multiple creators covering the same topic can still provide value through different explanations. The conversation also highlights endpoint deception and honeypots, challenges of reversing compiled binaries versus script-based malware, and his advice to document thoroughly in shared organizational knowledge bases.

    00:00 S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity
    01:27 Meet John Hammond
    01:57 Security Researcher Life
    04:43 OffSec Certs Explained
    06:55 From CTF to Research
    08:47 Storytelling in Cyber
    12:10 Turning Attacks to Defense
    15:19 Getting Hired as Researcher
    16:48 Portfolio and Honeypots
    19:05 Make the Video Anyway
    21:40 Alternate Data Streams Nerdout
    23:36 CTFs Then and Now
    24:28 Life Shifts Priorities
    25:44 Beyond CTFs Next Trend
    26:52 Deception Meets Detection
    28:48 Honeypots and Program Maturity
    31:13 Malware Reversing Boss Fights
    35:09 Blue Team Advice Document Everything
    37:51 Where to Find John and Training
    38:49 Wrap Up and Farewell
    Show More Show Less
    39 mins
  • From Blue Team Challenges to AI Innovations: A Conversation with Jason Haddix

    From Blue Team Challenges to AI Innovations: A Conversation with Jason Haddix
    Feb 24 2026

    In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Jason Haddix — CISO veteran, AI security thought leader, and founder of Arcanum Information Security — for a wide-ranging conversation on where AI is actually headed in cybersecurity, and what blue teamers need to know right now.

    Jason shares what he's learned from running AI scaling assessments inside major enterprises, why most organizations are still in the early stages of AI adoption, and how the industry needs to stop thinking about AI security like traditional web app security. He breaks down the stages of AI adoption (from custom bots to agents), explains why input validation is a losing game for LLM security, and makes the case for classifiers, guardrails, and LLM-based routing as the real defense-in-depth play for AI systems.

    Wade and Jason also revisit the Red Blue Purple AI course, talk through how RAG and context engineering are transforming what's possible for blue teamers, and discuss why the credential leakage problem is still one of the biggest vectors defenders aren't taking seriously enough.

    Topics covered:

    • Why CTI struggles to prove value — and where it actually matters most
    • Stealer logs, credential leakage, and when rolling an account isn't enough
    • AI adoption stages: custom bots → RAG → agents
    • Why SOAR skepticism is a preview of AI hesitancy
    • Context engineering vs. prompt engineering
    • Defending AI systems: prompt-level protections, classifiers, guardrails, and LLM routing
    • When does a prompt become IP?
    • Jason's advice for blue teamers: embrace AI as a tool, find your annoying tasks, and start chipping away

    Connect with Jason Haddix:

    • Twitter/X: @jhaddix
    • Arcanum Information Security: arcanam-sec.com
    • GitHub (free tools & resources): ARCanum Information Security on GitHub
    • Newsletter: Executive Offense by Jay Haddix

    Resources mentioned:

    • Red Blue Purple AI Course (ARCanum)
    • Flare (threat intelligence / credential monitoring): flare.io
    • Detections.ai

    Connect with the Hosts:

    • Josh Mason: linkedin.com/in/joshuacmason
    • Wade Wells: linkedin.com/in/wadingthrulogs
    Show More Show Less
    32 mins
adbl_web_anon_alc_button_suppression_c
No reviews yet